thinkst thoughts

Stuff we Say

Chrome Extension for gpg in Gmail

Last month we released an alpha version of cr-gpg. This is a simple Chrome extension to enable gpg functionality in gmail (or Apps for Domains). (If you don't know what gpg is, you should first read this and this.)

Installation :

You can grab the extension from [here] and a double click should install it , after the install is completed you should see the image above if you navigate to chrome://extensions :

Options :

Once you have installed the plugin, there are 2 required configuration options:
1) Directory with gpg binary
2) Temp folder path (writable by the browser)

(cr-gpg simply calls out to the gpg installation on your machine. Option [1] therefore is asking where it can find the gpg executable, and Option [2] is looking for a scratch directory to do its work). (We make some effort to ensure that the temp directory is well maintained). You should be able to click "Use Default" on most installations.

The "Encrypt to self" option is fairly self explanatory. If i encrypt (and send) an email to you, the encrypted email will be in my sent-items. I would be unable to read this mail though (since it has been encrypted with your public key, not mines). If you would like to be able to read the mails as well, then simply select this option (and enter your email address in the next field: "Encrypt to self Email Address")

Now click "Save" to save these options. (cr-gpg will do some basic sanity checking on your options). You can return to these options through the extensions window or by clicking the lock icon added to your browser chromeConvenience Functions :

The other convenience functions enabled through the lock icon allow you to do simple gpg key management, encrypt and sign blocks of text.Embedded Functions :

When typing an email in GMail, we should now see an additional link: "Encrypt Message"
(If we have the recipients public key,) simply clicking this should encrypt the mail to the recipient as seen below.

When you receive an encrypted email, simply click on "Decrypt Message".

Decrypting an email requires access to your private key (which is usually password protected.) Enter the password, Click "OK" and you should be good to go..

Give it a try [here], and let us know if you have bugs [here], comments, complaints or suggestions..

I'm working on a very similar extension except rather than use the gpg binary I'm working on making a JS library to handle that. Details are at: http://prometheusx.net/introducing-gmail-crypt/ Perhaps there would be some interest in working together?

The last Chrome update that people got seemed to have a regression with plugins resulting in that error. (It should work fine on win64 now) and if you are still getting that error (with ours or other extensions), try downloading the file to a different directory (other than downloads) and adding it from there..

Not yet sure if this is a bug or I am missing something obvious... Installed cr-gpg 0.7.8. It runs under Chromium 18.0.996.0 on Ubuntu 10.04 (32bit, i686).

I compose a message to my second address (and I have the key for that address), press Encrypt message, but nothing happens. When I click Sign message, I see the passphrase prompt, but OK button does nothing.

I'm using WindowsXP Home. After I install the extension and try to configure the options using Default, I get an error "options saved but parameters provided invalic". It appears the path to the gpg binary is not correct - but I have no idea where it is. I'm not even certain it was installed. I've searched my hard drive for the directory and cannot find anything with "gpg" in the file name.

The prefered method for windows is to grab the gpg application from (http://www.gpg4win.org/).They have a nice installer as well as various applications to get your started without the need to use the command line.

Once you have installed gpg4win the default path should work for you unless you install to a different location. In that case use the example provided as a means to find the gpg binary.

I hope this helps otherwise drop me a mail @ jameel at thinkst.com and I can try to help you out more.

I found a workaround for OS X lion with GPGtools, Used the above mentioned path, and in the macgpg2 folder I copied and renamed gpg2 to just gpg, and everything works. Thank you very ,much for this excellent addon. Helps alot, Thanks again

How do you import other people's public keys and your own private keys? Should we just paste the keys in the "import keys" tab? When I try to export the keys using $ gpg --export or$ gpg --export-secret-keysmy gpg doesn't attach the usernames/emails to them so I don't know how importing them would work if cr-gpg can't figure out who it corresponds to. Also, there should be a way to see which keys have been imported.

I can get it to install on both my mac (OS X Lion) or Windows 7 (32 bit) machines.

* Basic functionality works fine on the Mac* The "Encrypt Message" link doesn't show up on either* On windows whenever I try to decrypt i get an invalid password error. I installed gpg to: "C:\Program Files\GNU\GnuPG\", and imported my entire keyring including secret keys using the GPA front end.

Hi @bkode Currently we can only import other users public keys. For you to import your private key you would need to use the base package provided by your OS. Finally we will probably be adding the feature to view existing keys in a future version.

@jason For windows it best if you gpg4win , its been found that the other versions don't seem to work as well. Also you mentioned that you imported all your secret keys , do you have multiple ? If so you need to set the one you want to work with cr-gpg as the default. This is a feature that we want to add in the future as well (the ability to select which secret key to use). Finally when you say the encrypt message doesn't show up , do you have any custom settings such as a different language in use.

No custom settings that I'm aware of. On the encrypt issue, I don't even get the "encrypt" link in the page itself. I've only tried the "encrypt" option from the cr-gpg tab pane. And when I do it looks like the computer is thinking & then the window just disappears without producing any encrypted text or putting anything on the clipboard buffer.

Looks nice but I fear putting a pass phrase into a web browser window :-( The WebGP extension let's gpg prompt for the phrase which is better, but it doesn't seem to integrate as well with gmail unless you press show original :-(

I've set up a key pair in the WinPT key manager that comes with it. My gpg binary is in: E:\Program Files\GNU\GnuPG\

I didnt know what to use for a temp folder so I created one in: C:\Users\*username*\AppData\Local\Google\Chrome\User Data\Default\GPG\ which I figured would be writable by the browser.

I dont see an encrypt link on the compose new email page in gmail... I do get a decrypt icon when reading existing mail though... However when I click it and enter my password it always says I entered the wrong PW.

If you'd like to troubleshoot this with me over email I'm at: pcsmith (at) hotmail dot com

i know u are able to reply fast .... nd i m also in such need of fast reply with ur help ...

i m having my gpg4win installed at this location .... C:\Program Files\GNU\GnuPG\and temporary file which can be written by browser are C:\temp or C:\Users\Sitaram\AppData\Local\Google\Chrome\User Data\Temp

i tried both of them , but still one thing of error is "options saved but parameters provided are invalid "...

i m hopeless and helpless , hopefully needing ur help on urgent based ....

For everyone not seeing the Encrypt, Decrypt and Verify buttons in Gmail (like me at first), here's what's up.

1) To encrypt, you need to click "Plain Text" at the end of the Rich Text editing buttons. Then the Encrypt link shows up at the left end of that row of links and icons.

2) The decrypt and verify icons are at the upper top right of the message area when reading email. It doesn't make sense to have a decrpyt and verify button on the Compose screen.

Now, onto my problem :) I am on Windows 7 64-bit. I sent an email to myself to test it out, and it is unable to verify, saying that no public keys were found for the recipient. But when I copy the entire email to Notepad and save it, I am able to verify at the command prompt with

gpg --verify "name of file.txt"

so it appears there's something going on with your plugin. Also, with the manual launcher in the top right corner (excellent for use with other sites, like social networking, btw) I am able to sign and encrypt text but cannot verify. I have to do the same trick to copy the text to Notepad, save it, and verify it from the command prompt. Being able to verify from either GUI implementation would be wonderful. Not working for me, yet. I'm wondering if your code is selecting my full name as well as email address when searching for keys and not just searching for the email address. Besides that, why is your plugin even searching for keys for the recipient in the first place when gpg is able to properly verify from the command line without specifying a key?

We only use the email when searching for keys. With regards to the verification stating that no public keys were found , It sounds like you may be getting a generic error message that was not intended for that section, this usually happens when then plugin is not communicating with the browser correctly. Can you verify that the plugin is able to encrypt emails for you ?

That is expected , we don't make the decrypted text available anywhere except temporarily when you click the decrypt button. Unfortunately the only way I can think of you quoting text in a reply is with a manual copy and paste. If you think this is a feature others will need then please log an issue over at http://github.com/rc1140/cr-gpg/issues .This will allow us to track the progress and let you know when the feature is released.

I installed it yesterday and had it working fine, but today I can no longer see the decrypt button (I can still see the encrypt one, and I can still decrypt manually by cutting and pasting into the tool box). Any suggestions?

1.) Being a Google Apps user, I'd like to switch to German language with the general user interface. If I do so, the buttons for Decrypt message and Encrypt message do not show up. When I switch to "English (US)" everything is fine. Any chance to show the buttons also in different languages? ;-) If this is just the German translation missing, I'm happy to help with that.

2.) When decrypting a message, inbound base64 attachments (from multipart messages) are not shown as attachments any more, but just with pure base64 code. Do you see a chance that this can be shown as a regular attachment in the future?

Thank you for developing such an important extension. However, during installation I am asked to grant access to "All data on your computer and the websites that you visit". This does not sound like the kind of thing that I want to do when I am aiming to increase my security situation thru the use of GNU Privacy Guard. I wonder if you might consider completely removing this requirement from the installation. I am unable to use the extension in its current form.

@ Anonymous (August 1, 2012)The language specific changes have been made to the repo (http://github.com/rc1140/cr-gpg) and will be rolledinto the next version. I am not 100% sure what you are referring to with the attachments , if you could dropme and email with a bit more details.

@John BrownThis requirement you are referring to is because we use npapi which google does not have control over as suchthey mark the plugin as having full access. If you have a look at the manifest.json (https://github.com/RC1140/cr-gpg/blob/master/chromeExtension/manifest.json) which describes the plugin you will see that we currently only require access to gmail.com and the ability to pop open the options tab when you have not updated your settings.

@Nom De GuerreThe first iteration of your options should work but your temp settings may be a little to long and be causing somethingto go wrong internally. Try creating a temp directory like c:\temp and making sure your user has access to the folder.As mentioned to other users , drop me a mail directly and I can help to see what you are doing differently from the otherusers.

@ Anonymous (August 28, 2012)You can use the command `which gpg` from the console to get the full path to the application.Alternatively its general location should be @ '/opt/local/bin/gpg' which is the default location cr-gpg uses.As mentioned to the previous users , drop me a mail so that I can get more details to figure out what might bedifferent.

This post has gotten quite long , but if you require support drop me a mail @ jameel at thinkst.comand I will try my best to help you out

Jameel,Thank you for the explanation regarding manifest.json. The msg "All data on your computer and the websites that you visit" is unfortunate.

I have another question. When I am composing a gmail using the web interface, I strongly suspect that the web form is auto-saving at frequent intervals. If this is so, then my partially composed message is being transmitted to google's servers multiple times "in the clear" until the cr-gpg "Encrypt message" is clicked. Does cr-gpg disable such auto-saving? What am I missing? thanks...

Hi it looks like the new compose window breaks the plugin again. Its possible to bring the buttons back by -> choosing the small down arrow icon in the bottom right -> then selecting 'temporarily switch back to old compose'. Dont know how long gmail will keep that function though.